By Keith Tilley, EVP, Global Sales & Customer Services Management, Sungard Availability Services
Distributed Denial of Service (DDoS) attacks are on the rise, with the UK having suffered numerous incidents over the past few months; the BBC has been a victim, while code-sharing site GitHub is also suspected of having been brought down by DDoS.
Though they are not the most sophisticated form of cyber threat, DDoS attacks still have the potential to bring an organisation to its knees. By throwing enough traffic at a business to flood its bandwidth, a DDoS attack can succeed in disabling its website – which, in a world where customers demand a 24/7 service, can be disastrous. Every business with an online presence is at risk, and in the 21st century you’d be hard pressed to find an organisation that this does not apply to.
A few decades ago, when bricks and mortar shops were the key form of commerce, security fears revolved around the locks on your front door, or placing your most valuable commodities in the back room’s safe. Shop owners knew that if the worst were to happen, and they had their products stolen, they could be out of business for weeks while they replenished stock and refitted the shop front. Although the nature of the threat has changed, the risk remains.
Nowadays your website is your virtual shop front, and while your commodities can’t be hauled away in the back of a van, downtime to online services can be just as detrimental to your bottom line. When considering lost sales, damage to customer trust, and the subsequent loss of reputation, there is a lot at stake. To put the threat into context, recent research by the Ponemon Institute found that the cost of just a single minute’s downtime for general businesses could reach over £5,700 – and given that the average DDoS attack lasts for 86 minutes, the cost could exceed £491,830 – around eighteen times the average employee salary in the UK.
Keeping Businesses Awake at Night
The rise of this threat has created yet another headache for the Chief Security Officer. Alarmingly, a DDoS attack could render security precautions against regular cyber-attacks or malicious hacking irrelevant. It is especially worrying that while DDoS attacks were initially the work of amateurs, an increasing number of criminal organisations are launching these attacks as a smokescreen, creating an opportunity to take control of business-critical systems and hold organisations to ransom.
Think of your organisation as a fortress. Despite all the measures you put in place to protect the fortress from an external attack, someone simply parachutes into this fortress from above and disables everything from the inside. A DDoS attack works much like this paratrooper: simple, unsophisticated, yet able to deal out substantial damage.
The news may be full of the high-profile names affected by DDoS attacks – from local councils to online casinos – but what does not come across in the headlines is the sheer volume. The latest news reports state there are now some 7,000 DDoS attacks every day. And with no clear correlation between victims, it seems literally any business could be next.
Assembling the Troops
While there is no quick-fix solution available to help organisations protect against an attack of this nature, seeking the help of a partner with extensive DDoS and attack-mitigation expertise can help in the battle to spot liabilities and minimise damage.
Defending against these types of attacks on the fly is extremely difficult. It is quicker and far more effective to implement defensive measures proactively than to wait until you are under attack. The longer a partner has to get to know the ins and outs of your online systems, the more comprehensive and tailored the protection and defence plan will be.
With an increasingly complex security landscape to navigate, and dwindling budgets, it is easy to understand how protection against such risks may fall to the bottom of the priority list. However, UK businesses need to take a step back and ask themselves: How much is my online presence actually worth? And what lengths would I go to in order to protect it?
There is no doubt that answering these questions will help spur organisations into action.